azure-blob 0.4.2 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7eab2543de0e2e4663211095fd459507761bf270038308464723270506f63ac5
-  data.tar.gz: 1c0b7016bf21df9c1134be50eb2555f14f9f4b76e9a8664e70e003cee5b04208
+  metadata.gz: 9a83c96b748a5659438b382a79a1af068c1552f4ee895dd16b863b00758d8d1f
+  data.tar.gz: f6def3a97bde3b96ef53618502454b3c3bd0103e07332ed19f817d3298971860
 SHA512:
-  metadata.gz: 6f03e61001c0c41ed31661116d5f7ed5d5f95f91e8ded26d40aa72d446119e835c281d852904e00b02f68fd536d0451e4e71401410ab41ec68f7ff97fb030a88
-  data.tar.gz: b0b1beb93ad7b3950bddb41dfb6e04354e08b46e29f5f3db5d474ddd4964cd09d65776a1f57625d103d1e56e9a0d235579372c74a867fa2080beabcfc757395f
+  metadata.gz: 20f51dbd1ea9661fec78d1371f52459aaf00a4a42e7274f375bd81c7cfc89bac9dfba1546af7cf71f7fea5fd8479fa7ceab9605ea1a8d0ceef7099e0212d4738
+  data.tar.gz: 74939a0d48677079ac46585276369a4d090d8bcbdd4e0ab84d37a8a48d2e54977dec5541b823f0a08c7642787ce13041a54311963010a5449424f13a181e72de

data/CHANGELOG.md

@@ -1,8 +1,18 @@
 ## [Unreleased]
 
+## [0.5.1] 2024-09-09
+
+- Remove dev files from the release
+
+## [0.5.0] 2024-09-09
+
+- Added support for Managed Identities (Entra ID)
+
 ## [0.4.2] 2024-06-06
 
-Documentation
+- Documentation
+- Fix an issue with integrity check on multi block upload
+
 
 ## [0.4.1] 2024-05-27
 

data/README.md

@@ -4,7 +4,7 @@ This gem was built to replace azure-storage-blob (deprecated) in Active Storage,
 
 ## Active Storage
 
-## Migration
+### Migration
 To migrate from azure-storage-blob to azure-blob:
 
 1. Replace `azure-storage-blob` in your Gemfile with `azure-blob`
@@ -12,6 +12,29 @@ To migrate from azure-storage-blob to azure-blob:
 3. Change the `AzureStorage` service to `AzureBlob`  in your Active Storage config (`config/storage.yml`)
 4. Restart or deploy the app.
 
+### Managed Identity (Entra ID)
+
+AzureBlob supports managed identities on :
+- Azure VM
+- App Service
+- Azure Functions (Untested but should work)
+- Azure Containers (Untested but should work)
+
+AKS support will likely require more work. Contributions are welcome.
+
+To authenticate through managed identities instead of a shared key, omit `storage_access_key` from your `storage.yml` file.
+
+It is recommended to add the identity's `principal_id` to the config.
+
+ActiveStorage config example:
+
+```
+prod:
+  service: AzureBlob
+  container: container_name
+  storage_account_name: account_name
+  principal_id: 71b34410-4c50-451d-b456-95ead1b18cce
+```
 
 ## Standalone
 
@@ -42,6 +65,42 @@ For the full list of methods: https://www.rubydoc.info/gems/azure-blob/AzureBlob
 
 ### Dev environment
 
+A dev environment is supplied through Nix with [devenv](https://devenv.sh/).
+
+1. Install [devenv](https://devenv.sh/).
+2. Enter the dev environment by cd into the repo and running `devenv shell` (or `direnv allow` if you are a direnv user).
+3. Log into azure CLI with `az login`
+4. `terraform init`
+5. `terraform apply` This will generate the necessary infrastructure on azure.
+6. Generate devenv.local.nix with your private key and container information: `generate-env-file`
+7. If you are using direnv, the environment will reload automatically. If not, exit the shell and reopen it by hitting <C-d> and running `devenv shell` again.
+
+#### Entra ID
+
+To test with Entra ID, the `AZURE_ACCESS_KEY` environment variable must be unset and the code must be ran or proxied through a VPS with the proper roles.
+
+For cost saving, the terraform variable `create_vm` is false by default.
+To create the VPS, Create a var file `var.tfvars` containing:
+
+```
+create_vm = true
+```
+and re-apply terraform: `terraform apply -var-file=var.tfvars`.
+
+This will create the VPS and required managed identities.
+
+`bin/rake test_azure_vm` and `bin/rake test_app_service` will establish a VPN connection to the VM or App service container and run the test suite. You might be prompted for a sudo password when the VPN starts (sshuttle).
+
+After you are done, run terraform again without the var file (`terraform apply`) to destroy the VPS and App service application.
+
+#### Cleanup
+
+Some tests copied over from Rails don't clean after themselves. A rake task is provided to empty your containers and keep cost low: `bin/rake flush_test_container`
+
+#### Run without devenv/nix
+
+If you prefer not using devenv/nix:
+
 Ensure your version of Ruby fit the minimum version in `azure-blob.gemspec`
 
 and setup those Env variables:
@@ -51,19 +110,6 @@ and setup those Env variables:
 - `AZURE_PRIVATE_CONTAINER`
 - `AZURE_PUBLIC_CONTAINER`
 
-
-A dev environment setup is also supplied through Nix with [devenv](https://devenv.sh/).
-
-To use the Nix environment:
-1. install [devenv](https://devenv.sh/)
-2. Copy `devenv.local.nix.example` to `devenv.local.nix`
-3. Insert your azure credentials into `devenv.local.nix`
-4. Start the shell with `devenv shell` or with [direnv](https://direnv.net/).
-
-### Tests
-
-`bin/rake test`
-
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -2,21 +2,57 @@
 
 require "bundler/gem_tasks"
 require "minitest/test_task"
-require 'azure_blob'
+require "azure_blob"
+require_relative "test/support/app_service_vpn"
+require_relative "test/support/azure_vm_vpn"
 
-Minitest::TestTask.create
+Minitest::TestTask.create(:test_rails) do
+  self.test_globs = [ "test/rails/**/test_*.rb",
+                     "test/rails/**/*_test.rb", ]
+end
+
+Minitest::TestTask.create(:test_client) do
+  self.test_globs = [ "test/client/**/test_*.rb",
+                     "test/client/**/*_test.rb", ]
+end
 
 task default: %i[test]
 
+task :test do
+  Rake::Task["test_client"].execute
+  Rake::Task["test_rails"].execute
+end
+
+task :test_app_service do |t|
+  vpn = AppServiceVpn.new
+  ENV["IDENTITY_ENDPOINT"] = vpn.endpoint
+  ENV["IDENTITY_HEADER"] = vpn.header
+  Rake::Task["test_entra_id"].execute
+ensure
+  vpn.kill
+end
+
+task :test_azure_vm do |t|
+  vpn = AzureVmVpn.new
+  Rake::Task["test_entra_id"].execute
+ensure
+  vpn.kill
+end
+
+task :test_entra_id do |t|
+  ENV["AZURE_ACCESS_KEY"] = nil
+  Rake::Task["test"].execute
+end
+
 task :flush_test_container do |t|
   AzureBlob::Client.new(
     account_name: ENV["AZURE_ACCOUNT_NAME"],
     access_key: ENV["AZURE_ACCESS_KEY"],
     container: ENV["AZURE_PRIVATE_CONTAINER"],
-  ).delete_prefix ''
+  ).delete_prefix ""
   AzureBlob::Client.new(
     account_name: ENV["AZURE_ACCOUNT_NAME"],
     access_key: ENV["AZURE_ACCESS_KEY"],
     container: ENV["AZURE_PUBLIC_CONTAINER"],
-  ).delete_prefix ''
+  ).delete_prefix ""
 end

data/lib/active_storage/service/azure_blob_service.rb

@@ -35,7 +35,7 @@ module ActiveStorage
   class Service::AzureBlobService < Service
     attr_reader :client, :container, :signer
 
-    def initialize(storage_account_name:, storage_access_key:, container:, public: false, **options)
+    def initialize(storage_account_name:, storage_access_key: nil, container:, public: false, **options)
       @container = container
       @public = public
       @client = AzureBlob::Client.new(

data/lib/azure_blob/client.rb

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
 
-require_relative "signer"
 require_relative "block_list"
 require_relative "blob_list"
 require_relative "blob"
 require_relative "http"
+require_relative "shared_key_signer"
+require_relative "entra_id_signer"
 require "time"
 require "base64"
 
@@ -12,10 +13,13 @@ module AzureBlob
   # AzureBlob Client class. You interact with the Azure Blob api
   # through an instance of this class.
   class Client
-    def initialize(account_name:, access_key:, container:)
+    def initialize(account_name:, access_key:, container:, **options)
       @account_name = account_name
       @container = container
-      @signer = Signer.new(account_name:, access_key:)
+
+      @signer = !access_key.nil? && !access_key.empty?  ?
+        AzureBlob::SharedKeySigner.new(account_name:, access_key:) :
+        AzureBlob::EntraIdSigner.new(account_name:, **options.slice(:principal_id))
     end
 
     # Create a blob of type block. Will automatically split the the blob in multiple block and send the blob in pieces (blocks) if the blob is too big.

data/lib/azure_blob/entra_id_signer.rb

@@ -0,0 +1,115 @@
+require "base64"
+require "openssl"
+require "net/http"
+require "rexml/document"
+
+require_relative "canonicalized_resource"
+require_relative "identity_token"
+
+require_relative "user_delegation_key"
+
+module AzureBlob
+  class EntraIdSigner # :nodoc:
+    attr_reader :token
+    attr_reader :account_name
+
+    def initialize(account_name:, principal_id: nil)
+      @token = AzureBlob::IdentityToken.new(principal_id:)
+      @account_name = account_name
+    end
+
+    def authorization_header(uri:, verb:, headers: {})
+      "Bearer #{token}"
+    end
+
+    def sas_token(uri, options = {})
+      to_sign = [
+        options[:permissions],
+        options[:start],
+        options[:expiry],
+        CanonicalizedResource.new(uri, account_name, url_safe: false, service_name: :blob),
+        delegation_key.signed_oid,
+        delegation_key.signed_tid,
+        delegation_key.signed_start,
+        delegation_key.signed_expiry,
+        delegation_key.signed_service,
+        delegation_key.signed_version,
+        nil,
+        nil,
+        nil,
+        options[:ip],
+        options[:protocol],
+        SAS::Version,
+        SAS::Resources::Blob,
+        nil,
+        nil,
+        nil,
+        options[:content_disposition],
+        nil,
+        nil,
+        options[:content_type],
+      ].join("\n")
+
+      query = {
+        SAS::Fields::Permissions => options[:permissions],
+        SAS::Fields::Start => options[:start],
+        SAS::Fields::Expiry => options[:expiry],
+
+        SAS::Fields::SignedObjectId => delegation_key.signed_oid,
+        SAS::Fields::SignedTenantId => delegation_key.signed_tid,
+        SAS::Fields::SignedKeyStartTime => delegation_key.signed_start,
+        SAS::Fields::SignedKeyExpiryTime => delegation_key.signed_expiry,
+        SAS::Fields::SignedKeyService => delegation_key.signed_service,
+        SAS::Fields::Signedkeyversion => delegation_key.signed_version,
+
+
+        SAS::Fields::SignedIp => options[:ip],
+        SAS::Fields::SignedProtocol => options[:protocol],
+        SAS::Fields::Version => SAS::Version,
+        SAS::Fields::Resource => SAS::Resources::Blob,
+
+        SAS::Fields::Disposition => options[:content_disposition],
+        SAS::Fields::Type => options[:content_type],
+        SAS::Fields::Signature => sign(to_sign, key: delegation_key.to_s),
+
+      }.reject { |_, value| value.nil? }
+
+      URI.encode_www_form(**query)
+    end
+
+    private
+
+    def delegation_key
+      @delegation_key ||= UserDelegationKey.new(account_name:, signer: self)
+    end
+
+    def sign(body, key:)
+      Base64.strict_encode64(OpenSSL::HMAC.digest("sha256", key, body))
+    end
+
+    module SAS # :nodoc:
+      Version = "2024-05-04"
+      module Fields # :nodoc:
+        Permissions = :sp
+        Version = :sv
+        Start = :st
+        Expiry = :se
+        Resource = :sr
+        Signature = :sig
+        Disposition = :rscd
+        Type = :rsct
+        SignedObjectId = :skoid
+        SignedTenantId = :sktid
+        SignedKeyStartTime = :skt
+        SignedKeyExpiryTime = :ske
+        SignedKeyService = :sks
+        Signedkeyversion = :skv
+        SignedIp = :sip
+        SignedProtocol = :spr
+      end
+      module Resources # :nodoc:
+        Blob = :b
+      end
+    end
+  end
+end

data/lib/azure_blob/http.rb

@@ -7,7 +7,14 @@ require "rexml"
 
 module AzureBlob
   class Http # :nodoc:
-    class Error < AzureBlob::Error; end
+    class Error < AzureBlob::Error
+      attr_reader :body, :status
+      def initialize(body: nil, status: nil)
+        @body = body
+        @status = status
+        super(body)
+      end
+    end
     class FileNotFoundError < Error; end
     class ForbidenError < Error; end
     class IntegrityError < Error; end
@@ -44,6 +51,15 @@ module AzureBlob
       true
     end
 
+    def post(content)
+      sign_request("POST") if signer
+      @response = http.start do |http|
+        http.post(uri, content, headers)
+      end
+      raise_error  unless success?
+      response.body
+    end
+
     def head
       sign_request("HEAD") if signer
       @response = http.start do |http|
@@ -91,7 +107,7 @@ module AzureBlob
     end
 
     def raise_error
-      raise error_from_response.new(@response.body)
+      raise error_from_response.new(body: @response.body, status: @response.code&.to_i)
     end
 
     def status

data/lib/azure_blob/identity_token.rb

@@ -0,0 +1,65 @@
+require "json"
+
+module AzureBlob
+  class IdentityToken
+    RESOURCE_URI = "https://storage.azure.com/"
+    EXPIRATION_BUFFER = 600 # 10 minutes
+
+    IDENTITY_ENDPOINT = ENV["IDENTITY_ENDPOINT"] || "http://169.254.169.254/metadata/identity/oauth2/token"
+    API_VERSION = ENV["IDENTITY_ENDPOINT"] ? "2019-08-01" : "2018-02-01"
+
+    def initialize(principal_id: nil)
+      @identity_uri = URI.parse(IDENTITY_ENDPOINT)
+      params = {
+        'api-version': API_VERSION,
+        resource: RESOURCE_URI,
+      }
+      params[:principal_id] = principal_id if principal_id
+      @identity_uri.query = URI.encode_www_form(params)
+    end
+
+    def to_s
+      refresh if expired?
+      token
+    end
+
+    private
+
+    def expired?
+      token.nil? || Time.now >= (expiration - EXPIRATION_BUFFER)
+    end
+
+    def refresh
+      headers =  { "Metadata" => "true" }
+      headers["X-IDENTITY-HEADER"] = ENV["IDENTITY_HEADER"] if ENV["IDENTITY_HEADER"]
+
+      attempt = 0
+      begin
+        attempt += 1
+        response = JSON.parse(AzureBlob::Http.new(identity_uri, headers).get)
+      rescue AzureBlob::Http::Error => error
+        if should_retry?(error, attempt)
+          attempt = 1 if error.status == 410
+          delay = exponential_backoff(error, attempt)
+          Kernel.sleep(delay)
+          retry
+        end
+        raise
+      end
+      @token = response["access_token"]
+      @expiration = Time.at(response["expires_on"].to_i)
+    end
+
+    def should_retry?(error, attempt)
+      is_500 = error.status/500 == 1
+      (is_500 || [ 404, 408, 410, 429 ].include?(error.status)) && attempt < 5
+    end
+
+    def exponential_backoff(error, attempt)
+      EXPONENTIAL_BACKOFF[attempt -1] || raise(AzureBlob::Error.new("Exponential backoff out of bounds!"))
+    end
+    EXPONENTIAL_BACKOFF = [ 2, 6, 14, 30 ]
+
+    attr_reader :identity_uri, :expiration, :token
+  end
+end

data/lib/azure_blob/{signer.rb → shared_key_signer.rb}

@@ -6,7 +6,7 @@ require_relative "canonicalized_headers"
 require_relative "canonicalized_resource"
 
 module AzureBlob
-  class Signer # :nodoc:
+  class SharedKeySigner # :nodoc:
     def initialize(account_name:, access_key:)
       @account_name = account_name
       @access_key = Base64.decode64(access_key)
@@ -71,12 +71,12 @@ module AzureBlob
       URI.encode_www_form(**query)
     end
 
+    private
+
     def sign(body)
       Base64.strict_encode64(OpenSSL::HMAC.digest("sha256", access_key, body))
     end
 
-    private
-
     def sanitize_headers(headers)
       headers = headers.dup
       headers[:"Content-Length"] = nil if headers[:"Content-Length"].to_i == 0

data/lib/azure_blob/user_delegation_key.rb

@@ -0,0 +1,67 @@
+require_relative "http"
+
+module AzureBlob
+  class UserDelegationKey # :nodoc:
+    EXPIRATION = 25200 # 7 hours
+    EXPIRATION_BUFFER = 3600 # 1 hours
+    def initialize(account_name:, signer:)
+      @uri = URI.parse(
+        "https://#{account_name}.blob.core.windows.net/?restype=service&comp=userdelegationkey"
+      )
+
+      @signer = signer
+
+      refresh
+    end
+
+    def to_s
+      user_delegation_key
+    end
+
+    def refresh
+      return unless expired?
+      now = Time.now.utc
+
+
+      start = now.iso8601
+      @expiration = (now + EXPIRATION)
+      expiry = @expiration.iso8601
+
+      content = <<-XML.gsub!(/[[:space:]]+/, " ").strip!
+        <?xml version="1.0" encoding="utf-8"?>
+        <KeyInfo>
+            <Start>#{start}</Start>
+            <Expiry>#{expiry}</Expiry>
+        </KeyInfo>
+      XML
+
+      response  = Http.new(uri, signer:).post(content)
+
+      doc = REXML::Document.new(response)
+
+      @signed_oid  = doc.get_elements("/UserDelegationKey/SignedOid").first.get_text.to_s
+      @signed_tid = doc.get_elements("/UserDelegationKey/SignedTid").first.get_text.to_s
+      @signed_start = doc.get_elements("/UserDelegationKey/SignedStart").first.get_text.to_s
+      @signed_expiry = doc.get_elements("/UserDelegationKey/SignedExpiry").first.get_text.to_s
+      @signed_service = doc.get_elements("/UserDelegationKey/SignedService").first.get_text.to_s
+      @signed_version = doc.get_elements("/UserDelegationKey/SignedVersion").first.get_text.to_s
+      @user_delegation_key = Base64.decode64(doc.get_elements("/UserDelegationKey/Value").first.get_text.to_s)
+    end
+
+    attr_reader :signed_oid,
+      :signed_tid,
+      :signed_start,
+      :signed_expiry,
+      :signed_service,
+      :signed_version,
+      :user_delegation_key
+
+    private
+
+    def expired?
+      expiration.nil? || Time.now >= (expiration - EXPIRATION_BUFFER)
+    end
+
+    attr_reader :uri, :user_delegation_key, :signer, :expiration
+  end
+end

data/lib/azure_blob/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module AzureBlob
-  VERSION = "0.4.2"
+  VERSION = "0.5.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: azure-blob
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.1
 platform: ruby
 authors:
 - Joé Dupuis
@@ -31,18 +31,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".envrc"
-- ".rubocop.yml"
-- ".standard.yml"
 - CHANGELOG.md
 - LICENSE.txt
 - README.md
 - Rakefile
-- azure-blob.gemspec
-- devenv.local.nix.example
-- devenv.lock
-- devenv.nix
-- devenv.yaml
 - lib/active_storage/service/azure_blob_service.rb
 - lib/azure_blob.rb
 - lib/azure_blob/blob.rb
@@ -52,15 +44,19 @@ files:
 - lib/azure_blob/canonicalized_resource.rb
 - lib/azure_blob/client.rb
 - lib/azure_blob/const.rb
+- lib/azure_blob/entra_id_signer.rb
 - lib/azure_blob/errors.rb
 - lib/azure_blob/http.rb
+- lib/azure_blob/identity_token.rb
 - lib/azure_blob/metadata.rb
-- lib/azure_blob/signer.rb
+- lib/azure_blob/shared_key_signer.rb
+- lib/azure_blob/user_delegation_key.rb
 - lib/azure_blob/version.rb
 homepage: https://github.com/testdouble/azure-blob
 licenses:
 - MIT
 metadata:
+  rubygems_mfa_required: 'true'
   homepage_uri: https://github.com/testdouble/azure-blob
   source_code_uri: https://github.com/testdouble/azure-blob
   changelog_uri: https://github.com/testdouble/azure-blob/blob/main/CHANGELOG.md

data/.envrc

@@ -1,3 +0,0 @@
-source_url "https://raw.githubusercontent.com/cachix/devenv/d1f7b48e35e6dee421cfd0f51481d17f77586997/direnvrc" "sha256-YBzqskFZxmNb3kYVoKD9ZixoPXJh1C9ZvTLGFRkauZ0="
-
-use devenv

data/.rubocop.yml

@@ -1,25 +0,0 @@
-AllCops:
-  TargetRubyVersion: 3.1
-
-# Omakase Ruby styling for Rails
-inherit_gem: { rubocop-rails-omakase: rubocop.yml }
-
-# Overwrite or add rules to create your own house style
-#
-# # Use `[a, [b, c]]` not `[ a, [ b, c ] ]`
-# Layout/SpaceInsideArrayLiteralBrackets:
-#   Enabled: false
-
-Style/TrailingCommaInArrayLiteral:
-  Enabled: true
-  EnforcedStyleForMultiline: consistent_comma
-
-Style/TrailingCommaInHashLiteral:
-  Enabled: true
-  EnforcedStyleForMultiline: consistent_comma
-
-
-Rails/AssertNot:
-  Enabled: false
-Rails/RefuteMethods:
-  Enabled: false

data/.standard.yml

@@ -1,3 +0,0 @@
-# For available configuration options, see:
-#   https://github.com/standardrb/standard
-ruby_version: 3.1

data/azure-blob.gemspec

@@ -1,33 +0,0 @@
-# frozen_string_literal: true
-
-require_relative "lib/azure_blob/version"
-
-Gem::Specification.new do |spec|
-  spec.name = "azure-blob"
-  spec.version = AzureBlob::VERSION
-  spec.authors = [ "Joé Dupuis" ]
-  spec.email = [ "joe@dupuis.io" ]
-
-  spec.summary = "Azure blob client"
-  spec.homepage = "https://github.com/testdouble/azure-blob"
-  spec.license = "MIT"
-  spec.required_ruby_version = ">= 3.1"
-
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = spec.homepage
-  spec.metadata["changelog_uri"] = "https://github.com/testdouble/azure-blob/blob/main/CHANGELOG.md"
-
-  spec.add_dependency "rexml"
-
-  # Specify which files should be added to the gem when it is released.
-  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files = Dir.chdir(__dir__) do
-    `git ls-files -z`.split("\x0").reject do |f|
-      (File.expand_path(f) == __FILE__) ||
-        f.start_with?(*%w[bin/ test/ spec/ features/ .git .github appveyor Gemfile])
-    end
-  end
-  spec.bindir = "exe"
-  spec.executables = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
-  spec.require_paths = [ "lib" ]
-end

data/devenv.local.nix.example

@@ -1,8 +0,0 @@
-{pkgs, lib, ...}:{
-  env = {
-    AZURE_ACCOUNT_NAME = "";
-    AZURE_ACCESS_KEY = "";
-    AZURE_PRIVATE_CONTAINER = "";
-    AZURE_PUBLIC_CONTAINER = "";
-  };
-}

data/devenv.lock

@@ -1,242 +0,0 @@
-{
-  "nodes": {
-    "devenv": {
-      "locked": {
-        "dir": "src/modules",
-        "lastModified": 1715593316,
-        "narHash": "sha256-S7XatU9uV3q9bVBcg/ER0VMQcnPZprrVlN209ne7LDw=",
-        "owner": "cachix",
-        "repo": "devenv",
-        "rev": "725c90407ef53cc2a1b53701c6d2d0745cf2484f",
-        "type": "github"
-      },
-      "original": {
-        "dir": "src/modules",
-        "owner": "cachix",
-        "repo": "devenv",
-        "type": "github"
-      }
-    },
-    "flake-compat": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "treeHash": "2addb7b71a20a25ea74feeaf5c2f6a6b30898ecb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-compat_2": {
-      "flake": false,
-      "locked": {
-        "lastModified": 1696426674,
-        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
-        "type": "github"
-      },
-      "original": {
-        "owner": "edolstra",
-        "repo": "flake-compat",
-        "type": "github"
-      }
-    },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1710146030,
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
-        "treeHash": "bd263f021e345cb4a39d80c126ab650bebc3c10c",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "flake-utils_2": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1710146030,
-        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
-    "gitignore": {
-      "inputs": {
-        "nixpkgs": [
-          "pre-commit-hooks",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1709087332,
-        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
-        "type": "github"
-      },
-      "original": {
-        "owner": "hercules-ci",
-        "repo": "gitignore.nix",
-        "type": "github"
-      }
-    },
-    "nixpkgs": {
-      "locked": {
-        "lastModified": 1715542476,
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "44072e24566c5bcc0b7aa9178a0104f4cfffab19",
-        "treeHash": "3f9021e4c33de6fe59b88ac8c3019fc49136dc2a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs-ruby": {
-      "inputs": {
-        "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_2"
-      },
-      "locked": {
-        "lastModified": 1713939467,
-        "owner": "bobvanderlinden",
-        "repo": "nixpkgs-ruby",
-        "rev": "c1ba161adf31119cfdbb24489766a7bcd4dbe881",
-        "treeHash": "0d32620317b29f94d6718684f030dd2fc2f30cb2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "bobvanderlinden",
-        "repo": "nixpkgs-ruby",
-        "type": "github"
-      }
-    },
-    "nixpkgs-stable": {
-      "locked": {
-        "lastModified": 1710695816,
-        "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1715542476,
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "44072e24566c5bcc0b7aa9178a0104f4cfffab19",
-        "treeHash": "3f9021e4c33de6fe59b88ac8c3019fc49136dc2a",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.11",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "pre-commit-hooks": {
-      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "flake-utils": "flake-utils_2",
-        "gitignore": "gitignore",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
-      },
-      "locked": {
-        "lastModified": 1715609711,
-        "narHash": "sha256-/5u29K0c+4jyQ8x7dUIEUWlz2BoTSZWUP2quPwFCE7M=",
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "rev": "c182c876690380f8d3b9557c4609472ebfa1b141",
-        "type": "github"
-      },
-      "original": {
-        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "type": "github"
-      }
-    },
-    "root": {
-      "inputs": {
-        "devenv": "devenv",
-        "nixpkgs": "nixpkgs",
-        "nixpkgs-ruby": "nixpkgs-ruby",
-        "pre-commit-hooks": "pre-commit-hooks"
-      }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "treeHash": "cce81f2a0f0743b2eb61bc2eb6c7adbe2f2c6beb",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
-    }
-  },
-  "root": "root",
-  "version": 7
-}

data/devenv.nix

@@ -1,12 +0,0 @@
-{ pkgs, ... }:
-
-{
-  packages = with pkgs; [
-    git
-    libyaml
-  ];
-
-
-  languages.ruby.enable = true;
-  languages.ruby.version = "3.1.5";
-}

data/devenv.yaml

@@ -1,6 +0,0 @@
-allowUnfree: true
-inputs:
-  nixpkgs:
-    url: github:NixOS/nixpkgs/nixos-23.11
-  nixpkgs-ruby:
-    url: github:bobvanderlinden/nixpkgs-ruby